• Regardless of what legal basis you use, document your decisions and choices. Accountability is a key aspect of the GDPR, and you should be able to provide justifications and explanations for your actions at any given time. Maintain a comprehensive and detailed data register, as it is a fundamental obligation for nearly all data controllers.
• Exercise caution when using eID card readers, especially when creating loyalty cards or engaging in customer promotions. It is advisable to avoid such practices if possible. If you decide to implement electronic loyalty cards, ensure that the software vendor you choose has adhered to the fundamental principles of data minimization and privacy by design during the software’s development.
